A spyware tool developed by NSO Group of Israel can no longer be used to target cellphones with UK numbers, The Guardian reported Friday.
The British daily quoted unnamed sources familiar with NSO’s operations saying the change took effect last August, immediately after the company learned that its Pegasus software was allegedly used by the ruler of Dubai, Sheikh Mohammed bin Rashid Al Maktoum, to hack the phones of his ex-wife Princess Haya and her lawyers.
“We shut down completely, hard-coded into the system [Pegasus], to all of our customers. We released a quick update in the middle of the night that none of our customers can work on UK numbers,” a source said.
The source added that Pegasus can also not be used against phone numbers in Israel, the United States, Canada, Australia, New Zealand and the United Kingdom. The latter countries make up the “Five Eyes” intelligence alliance.
The report came after Britain’s top court ruled Wednesday that Dubai’s ruler hacked the phones of his ex-wife and her attorneys during the legal battle over custody of their two children.
Sheikh Mohammed, who is also vice president and prime minister of the United Arab Emirates, gave his “express or implied authority” to hack the phones of the princess and her attorneys using Pegasus spyware produced by NSO Group of Israel, the court said. The software is licensed exclusively to nation-states for use by their security services.
NSO has been at the center of allegations that governments are abusing electronic surveillance technology to spy on political opponents, human rights activists and journalists.
The hacking of Princess Haya’s phone came to light partly through the work of William Marczak, a fellow at Citizen Lab, a cybersecurity watchdog at the University of Toronto. In addition, NSO adviser Cherie Blair, the wife of former British Prime Minister Tony Blair, contacted one of the princess’ lawyers to inform her that the company suspected its software had been “misused” to hack into her phone.
Sheikh Mohammed’s lawyers chose not to offer evidence to counter the hacking allegations, arguing that the princess hadn’t proved either that the phones had been hacked or that the UAE or Dubai ordered any hacking that may have occurred.
The court was also told that Sheikh Mohammed could neither confirm nor deny whether the UAE had a contract with NSO for use of Pegasus software.
Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously control the smartphone’s microphones and cameras. The program is designed to bypass detection and mask its activity.
NSO’s methods have grown so sophisticated that researchers say it can now infect targeted devices without any user interaction, the so-called “zero-click” option.
The company doesn’t disclose its clients and says it sells its technology to Israeli-approved governments to help them target terrorists and break up pedophile rings and sex- and drug-trafficking rings.
But some of the targets of such surveillance take a different view.
An investigation by a global media consortium based on leaked targeting data suggested that NSO’s software was being used to spy on journalists, human rights activists and political dissidents.